Unencrypted volumes detected

Scenario

AWS Config identified EC2 instances with unencrypted attached volumes

How do I investigate?

  • Using the AWSLandingZoneReadOnlyRole navigate to the Security Account and review the AWS Config Dashboard
  • Select Rules under the Aggregated view from the side menu
  • Change the *Compliance status* filter from All to Noncompliant
  • Select the LZ-AttachedVolumesEncrypted-v1 rule and review the non-compliant resources
    • Note the account and region where the resources are located
  • To review the rule details:
    • Select Rules below the Dashboard in the side menu
    • Scroll down and select the LZ-AttachedVolumesEncrypted-v1 rule
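As an added illustration (not from this page or from the Landing Zone project) of the check behind such a rule, below is a Lambda-backed custom AWS Config rule that marks an attached, unencrypted EBS volume NON_COMPLIANT and leaves unattached or deleted volumes NOT_APPLICABLE. That LZ-AttachedVolumesEncrypted-v1 is implemented this way is an assumption; the event shape follows AWS Config's custom-rule invocation format, and the sample volume and instance ids are constructed.

```python
import json

RULE_NAME = "LZ-AttachedVolumesEncrypted-v1"  # rule name from the scenario

def evaluate_volume(item):
    """Compliance type for one AWS::EC2::Volume configuration item.

    Only attached volumes are in scope (matching the rule name): an
    unattached or deleted volume is NOT_APPLICABLE, not NON_COMPLIANT.
    """
    if item.get("resourceType") != "AWS::EC2::Volume":
        return "NOT_APPLICABLE"
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE"
    cfg = item.get("configuration") or {}
    if not cfg.get("attachments"):
        return "NOT_APPLICABLE"
    return "COMPLIANT" if cfg.get("encrypted") is True else "NON_COMPLIANT"

def build_evaluation(event):
    """Parse a Config rule invocation and build the evaluation record."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": evaluate_volume(item),
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def lambda_handler(event, context):
    """Lambda entry point. A deployed rule would report the record with
    boto3.client("config").put_evaluations(Evaluations=[record],
    ResultToken=event["resultToken"]); that call is left out so the
    block runs offline."""
    return build_evaluation(event)

def make_sample_event(encrypted, attached, status="OK"):
    """Constructed sample invocation (hypothetical ids, not a captured event)."""
    item = {
        "resourceType": "AWS::EC2::Volume",
        "resourceId": "vol-0123456789abcdef0",
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configuration": {
            "encrypted": encrypted,
            "attachments": [{"instanceId": "i-0123456789abcdef0"}] if attached else [],
        },
    }
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "resultToken": "TESTMODE"}
```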

Team Discussion

  • How would you prevent the EBS volumes from getting created without encryption?
  • How would you deploy the solution to all accounts within the AWS Organization?
  • How would you instruct the application team to remediate the volume encryption on the non-compliant resources?

Resources